<?php
session_start();
require_once('../lib.php');

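if (verify_page()) {
	$permission = $_SESSION[sess_login]['permission'];
	// Only roles '2' and '3' may create, delete or re-permission accounts.
	// Compared as strings so an int or a string in the session behaves the same.
	$isAdmin = in_array((string) $permission, ['2', '3'], true);
	$denied = '<center><br /><br />You are not permission</center>';

	// NOTE(review): every action is driven by $_GET yet mutates state, so a
	// link or image tag on another site can trigger it with the victim's
	// session (CSRF); callers should move to POST with a session-bound token.
	// editinfo/changepass also take the target `uid` from the request, not the
	// session, so any logged-in user can act on any account; the session key
	// needed to bind the action to the caller is not visible in this file.
	$act = isset($_GET['act']) ? $_GET['act'] : '';
	if ($act !== '') {
		// `val` is the opaque payload each handler decodes with read_var().
		$val = (isset($_GET['val']) && $_GET['val'] != '') ? $_GET['val'] : null;

		switch ($act) {
			case 'new':
				if (!$isAdmin) {
					echo $denied;
				} elseif ($val === null) {
					echo '0';
				} else {
					echo new_user($val);
				}
				break;

			case 'editinfo':
				echo $val === null ? '0' : edit_user($val);
				break;

			case 'changepass':
				echo $val === null ? '0' : changepass_user($val);
				break;

			case 'changepermission':
				// Same gate as "new"/"delete": without it any authenticated
				// user could raise their own permission level.
				if (!$isAdmin) {
					echo $denied;
				} elseif ($val === null) {
					echo '0';
				} else {
					echo changepermission_user($val);
				}
				break;

			case 'delete':
				if (!$isAdmin) {
					echo $denied;
				} elseif (!isset($_GET['id']) || $_GET['id'] == '') {
					echo 'Cannot get variable';
				} else {
					delete_user($_GET['id']);
				}
				break;

			default:
				echo 'Function false';
				break;
		}
	}
}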
	
	
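/**
 * Creates a user account, its `user_info` row and a default group view.
 *
 * @param mixed $val request payload, decoded by read_var() (defined in lib.php)
 * @return string '1' on success, '0' if the username is already taken,
 *                '2' if the lookup or any insert fails (transaction rolled back)
 */
function new_user($val)
{
	// `membersince` is written in local time (GMT+7), not UTC.
	$timezone = 7;
	$currenttime = gmdate('Y-m-d H:i:s', time() + 3600 * $timezone);

	$var_array = read_var($val);

	include("../connect.php"); // assumed to define $conn — same as the other handlers
	// Every request-derived value is escaped before being spliced into SQL;
	// previously they were concatenated raw, which allowed SQL injection.
	$esc = static function ($v) use ($conn) {
		return mysql_real_escape_string((string) $v, $conn);
	};

	$result0 = mysql_query(
		"SELECT `id` FROM `user_account` WHERE `username` = '" . $esc($var_array['uname']) . "'",
		$conn
	);
	if ($result0 === false) {
		// A failed lookup previously fell through and attempted the insert.
		mysql_close($conn);
		return '2';
	}
	$exists = mysql_num_rows($result0) > 0;
	mysql_free_result($result0);
	if ($exists) {
		mysql_close($conn);
		return '0';
	}

	// NOTE(review): this check-then-insert is racy without a UNIQUE index on
	// `username`; two concurrent requests can both pass the lookup.
	mysql_query("START TRANSACTION", $conn);

	// NOTE(review): the password is stored exactly as received (no hashing).
	// The login path is not in this file and compares the stored value directly,
	// so moving to password_hash()/password_verify() must be done together with
	// changepass_user() and the login code.
	$result1 = mysql_query(
		"INSERT INTO `user_account` (`username`,`password`,`permission`) VALUES ('"
		. $esc($var_array['uname']) . "','"
		. $esc($var_array['upass']) . "','"
		. $esc($var_array['upermission']) . "')",
		$conn
	);
	$id = mysql_insert_id($conn);

	$result2 = mysql_query(
		"INSERT INTO `user_info` (`id`, `fullname`, `address`, `email`, `phonenumber`, `birthday`, `membersince`) VALUES ('"
		. $esc($id) . "', '"
		. $esc($var_array['ufullname']) . "', '"
		. $esc($var_array['uaddress']) . "', '"
		. $esc($var_array['uemail']) . "','"
		. $esc($var_array['uphonenumber']) . "','"
		. $esc($var_array['ubirthday']) . "','"
		. $esc($currenttime) . "')",
		$conn
	);

	// name_db_friendlist is a constant from lib.php naming the default group view.
	$result7 = mysql_query(
		"INSERT INTO `user_groupview` (`groupname`, `owner`) VALUES ( '"
		. $esc(name_db_friendlist) . "' , '" . $esc($id) . "')",
		$conn
	);

	// INSERT results are booleans, so there is nothing to free; commit only if
	// all three statements succeeded.
	$ok = $result1 && $result2 && $result7;
	mysql_query($ok ? "COMMIT" : "ROLLBACK", $conn);
	mysql_close($conn);

	return $ok ? '1' : '2';
}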

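/**
 * Updates the profile fields of the `user_info` row addressed by `uid`.
 *
 * @param mixed $val request payload, decoded by read_var() (defined in lib.php)
 * @return string '1' if the UPDATE executed, '0' if it failed
 */
function edit_user($val)
{
	$var_array = read_var($val);

	include("../connect.php"); // assumed to define $conn — same as the other handlers
	// Escape every request-derived value; the original spliced them in raw.
	$esc = static function ($v) use ($conn) {
		return mysql_real_escape_string((string) $v, $conn);
	};

	// NOTE(review): `uid` comes from the client, so the caller is trusted to
	// name the account it edits. Binding it to the session user (or requiring
	// an admin role) must happen in the dispatcher or here once the session
	// layout is known.
	$result3 = mysql_query(
		"UPDATE `user_info` SET `fullname` = '" . $esc($var_array['ufullname'])
		. "', `address` = '" . $esc($var_array['uaddress'])
		. "', `email` = '" . $esc($var_array['uemail'])
		. "', `phonenumber` = '" . $esc($var_array['uphonenumber'])
		. "', `birthday` = '" . $esc($var_array['ubirthday'])
		. "' WHERE `id` = '" . $esc($var_array['uid']) . "'",
		$conn
	);

	// UPDATE returns a boolean, so there is no result set to free; the
	// original's free/close calls sat after the return and never ran.
	mysql_close($conn);

	return $result3 ? '1' : '0';
}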


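/**
 * Replaces the password of account `uid` after checking the current one.
 *
 * @param mixed $val request payload, decoded by read_var() (defined in lib.php)
 * @return string '1' on success, '0' if the current password does not match
 *                exactly one row, '2' if the UPDATE fails
 */
function changepass_user($val)
{
	$var_array = read_var($val);
	include("../connect.php"); // assumed to define $conn — same as the other handlers
	// Escape every request-derived value; the original spliced them in raw,
	// which let a crafted `ucurpass` bypass the current-password check.
	$esc = static function ($v) use ($conn) {
		return mysql_real_escape_string((string) $v, $conn);
	};

	$uid = $esc($var_array['uid']);
	$curpass = $esc($var_array['ucurpass']);

	// NOTE(review): passwords are compared and stored in clear text here; this
	// function, new_user() and the login code (not in this file) would all have
	// to move to password_hash()/password_verify() together.
	// NOTE(review): `uid` is client-supplied, so it should be bound to the
	// session user before this function is reached.
	$result4 = mysql_query(
		"SELECT `username` FROM `user_account` WHERE `id` = '" . $uid
		. "' AND `password` = '" . $curpass . "'",
		$conn
	);
	// A failed SELECT previously passed through mysql_num_rows(false) as 0.
	$matched = $result4 !== false && mysql_num_rows($result4) == 1;
	if ($result4 !== false) {
		mysql_free_result($result4);
	}
	if (!$matched) {
		mysql_close($conn);
		return '0';
	}

	$result5 = mysql_query(
		"UPDATE `user_account` SET `password` = '" . $esc($var_array['unewpass'])
		. "' WHERE `id` = '" . $uid . "' AND `password` = '" . $curpass . "'",
		$conn
	);
	mysql_close($conn);

	return $result5 ? '1' : '2';
}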

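/**
 * Sets the `permission` and `status` columns of account `uid`.
 *
 * Only the dispatcher's admin gate stands between a client and this function,
 * so it must never be reachable by a non-admin caller.
 *
 * @param mixed $val request payload, decoded by read_var() (defined in lib.php)
 * @return string '1' if the UPDATE executed, '2' if it failed
 */
function changepermission_user($val) {
	$var_array = read_var($val);
	include("../connect.php"); // assumed to define $conn — same as the other handlers
	// Escape every request-derived value; the original spliced them in raw.
	$esc = static function ($v) use ($conn) {
		return mysql_real_escape_string((string) $v, $conn);
	};

	$result6 = mysql_query(
		"UPDATE `user_account` SET `permission` = '" . $esc($var_array['upermission'])
		. "', `status` = '" . $esc($var_array['ustatus'])
		. "' WHERE `id` = '" . $esc($var_array['uid']) . "'",
		$conn
	);

	// UPDATE returns a boolean, so there is no result set to free; the
	// original's free/close calls sat after the return and never ran.
	mysql_close($conn);

	return $result6 ? '1' : '2';
}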

?>